2.2 Malware

Potentially unwanted program (PUP)

A PUP is a software inadvertently installed that contains adware, installs toolbars, or has other objectives. A PUP is different from malware because the user gives consent to download it. If you download a program from the internet but forget to read the download agreement, you may end up with unwanted programs being downloaded. A few signs that you have PUPs on your computer include browser popups recommending fake updates or other software; webpages you typically visit not displaying properly; and ads appearing where they shouldn't. Adware Toolbars unclear objectives user gives consent download agreement Popups weird display and Ads

Zombie

A computer that is infected with malware and is controlled by a command and control center is called a zombie master. Is also known as a bot, short for robot. Commonly uses Internet Relay Chat (IRC) channels, also known as chat rooms), to communicate with the zombie master. Is frequently used to aid spammers. Is used to commit click fraud. The internet uses a form of advertising called pay-per-click, in which a developer of a website places clickable links for advertisers on the website. Each time the link is clicked, a charge is generated. Zombie computers can be used to commit click fraud by imitating a legitimate user clicking an ad. Is used for performing denial-of-service attacks.

Fileless virus

A fileless, virus uses legitimate programs to infect a computer. it doesn't rely on files, it leaves no footprint, making it undetectable by most antivirus, whitelisting, and other traditional endpoint security solutions. no footprint mostly undetectable operates in memory often uses social engineering

Botnet

A group of zombie computers that are commanded from a central control infrastructure. boot net is also several computers infected with the same Trojan. Operates under a command and control infrastructure where the zombie master (also known as the bot herder) can send remote commands to order the bots to perform actions. Is detected through the use of firewall logs to determine if a computer may be acting like a zombie participating in external attacks.

Script kiddy

A less-skilled hacker who often relies on automated tools or scripts written by crackers to scan systems and exploit weaknesses.

Trojan horse

A malicious program that is disguised as legitimate or desirable software. can create back doors for an attacker. A RAT > remote access including a GUI in order to take complete control over the system. Cannot replicate itself. Does not need to be attached to a host file. Often contains spying functions, such as a packet sniffer, or backdoor functions that allow a computer to be remotely controlled from the network. Often is hidden in useful software, such as screen savers or games. A wrapper is a program that is used legitimately but has a Trojan attached to it. The Trojan infiltrates the computer that runs the wrapper software. Relies on user decisions and actions to spread.

Cracker

A person actively engaged in developing and distributing worms, Trojans, and viruses; engaging in probing and reconnaissance activities; creating toolkits so that others can hack known vulnerabilities; and/or cracking protective measures.

Hacker

A person who commits crimes through gaining unauthorized access to computer systems.

Virus

A program that attempts to damage a computer system and replicate itself to other computer systems.

Scareware

A scam to fool a user into thinking there is some form of malware on the system. The intent of the scam is to sell the user fake antivirus software to remove malware they don't have.

Worm

A self-replicating malware program. to avoid a worm keep systems patch. Does not require a host file to propagate. Automatically replicates itself without an activation mechanism. A worm can travel across computer networks without any user assistance. Infects one system and spreads to other systems on the network.

Rootkit

A set of programs that allows attackers to maintain hidden, administrator-level access to a computer. Is almost invisible software. Resides below regular antivirus software detection. Requires administrator privileges to install and maintains those privileges to allow subsequent access. Is not always malicious. Often replaces operating system files with alternate versions that allow hidden access.

Remote access Trojan (RAT)

Malware that includes a back door to allow a hacker administrative control over the target computer. RATs are usually downloaded invisibly with a user-requested program, such as a game or an email attachment. Use keystroke loggers that capture keystrokes, mouse operations, or screenshots, and transmits those actions back to the attacker to obtain passwords. Access confidential information, like credit card and social security numbers. Format drives. Activate a system's webcam and record video. Delete, download, or alter files and file systems. Distribute viruses and other malware.

Logic bomb

Malware, designed to execute only under predefined conditions. It is dormant until the predefined condition is met. Predefined conditions Time or date Benign to Dangerous

Crimeware

Malware, designed to perpetrate identity theft. It allows a hacker access to online accounts at financial services, such as banks and online retailers. Steal Identity Remove funds make unauthorized transactions install key loggers

Crypto-malware

Ransomware that encrypts files until a ransom is paid. Crypto-malware is ransomware that encrypts files until a ransom is paid.

Malware

Software designed to take over or damage a computer without the user's knowledge or approval.

Spyware

Software installed without the user's consent or knowledge and is designed to intercept or take partial control of the user's computer. Intercept data Take partial control Collect personal info Tracking Cookies install software change settings redirect browser

Additional Preventive Measures In addition, implement the following measures:

Train users to not download files from unknown sources or open files in suspicious emails. Spyware, adware, crimeware, and Trojans all take advantage of downloads. Remove removable drives to prevent unauthorized software from being installed on a system. Show full file extensions on all files. Viruses, worms, and Trojans often make use of double file extensions to change files that are normally deemed harmless. For example, adding the extension .TXT.EXE to a file will make the file appear as a text file in an attachment when, in reality, it is an executable. Enable antivirus scanning for all email attachments. Enable antivirus scanning for all removable storage, such as USB flash drives and CD-ROMs. Block executable files that have been copied from another computer. Require that they be manually unblocked before execution. Enable privacy controls in Windows Internet Explorer. Delete browsing history. Configure Autocomplete settings to not store entries such as usernames, passwords, web addresses, and forms. Use third-party tools to scan for issues and cleanup problems.

Malware Prevention Regardless of the type of malware, there are some common things you can do to prevent malware infection:

Use the latest version and patch level for your web browser. Install the latest patches for the operating system. Install antivirus, anti-spyware, anti-rootkit, and personal firewall software. Keep definition files up-to-date. Use a pop-up blocker to prevent adware. Use software to control cookies on the system. Perform regular scheduled scans to look for malware. Choose anti-malware software from a reputable company. Don't let scareware fool you into purchasing a product that may not work.

Malware Recovery Malware can permanently damage your system. Recovery from malware can include the following steps:

You may have to reinstall applications, features, or even the entire operating system from scratch. If your organization uses imaging solutions, you can quickly re-image a machine if it is infected with malware. Re-imaging or installing from scratch is often faster and more effective than malware removal and cleanup. Remediation is the process of correcting problems. Most antivirus software remediates problems automatically or semi-automatically by prompting you to identify the action to take. Possible actions in response to problems are: Repair the infection. Repair is possible for true viruses that have attached themselves to valid files. During the repair, the virus is removed and the file is placed back in its original state, if possible. Quarantine the file. Quarantine moves the infected file to a secure folder where it cannot open or run normally. You might quarantine an infected file that cannot be repaired to see if another tool or utility might be able to recover the file at another time. Delete the file. You should delete malicious files such as worms, Trojan horse programs, spyware, or adware programs. Periodically review the quarantine folder and delete any files you do not want to recover.

Ransomware

Malware that denies access to a computer system until the user pays a ransom.

Adware

Malware that monitors a user's personal preferences and sends pop-up ads that match those preferences.